resume.json
{
"basics": {
"name": "Jet Anderson",
"image": "https://www.thatsjet.com/images/jet-anime-sm.jpg",
"email": "[email protected]",
"phone": "+1 714-767-0789",
"url": "http://thatsjet.com",
"summary": "Hi, I'm Jet! My passion is leading today's software developers to write secure code as part of modern pipelines, at speed, and at scale, without missing a beat. I've been a software engineer for almost 30 years and believe that fixing security defects is better than just finding them. In my perfect world application security professionals are no longer needed as security is just another element of code quality. \n\n I'm a creative problem solver with a wealth of experience managing people, processes, and technology. I'm a skilled communicator able to translate the verbose into the succinct and a hands-on leader.\n\n In my free time I like overlanding in my Toyota Tundra, mixing cocktails from homemade extracts, and hacking all.the.things.",
"location": {
"address": "",
"postalCode": "",
"city": "North Plains",
"countryCode": "US",
"region": "Oregon"
},
"profiles": [{
"network": "Twitter",
"username": "@thatsjet",
"url": "http://twitter.com/thatsjet"
},
{
"network": "LinkedIn",
"username": "/thatsjet",
"url": "https://linkedin.com/in/thatsjet"
},
{
"network": "GitHub",
"username": "/thatsjet",
"url": "https://github.com/thatsjet"
}
]
},
"work": [
{
"name": "Amazon",
"position": "Sr. Security Engineer - Devices & Services Software Security",
"website": "https://www.amazon.com",
"startDate": "2022-05-23",
"summary": "Initially joined the Alexa organization assessing services in support of the Alexa ecosystem. For the last year supported the Smart Home Devices and Services organization assisting in the secure development of Amazon and 3rd party devices and related services to delight customers with the most advanced, easy to use, and secure smart home experience. As part of that effort I've been an active member of the Connectivity Standards Alliance serving on various technical subgroups including the Matter Threat Model Tiger Team, actively assessing the security of new features in the Matter SDK and specifications.",
"highlights": [
"Participated with engineering teams in the secure design of new systems.",
"Conducted security reviews of critical applications in production to ensure a high security bar is maintained",
"Provided remediation guidance and training for software engineers to assist them in properly mitigating security weakness",
"Assisted development teams with threat modeling of their applications to ensure all weakness is identified and addressed with a risk-oriented mitigation strategy.",
"Created a standardized Python scripting assessment for hiring security engineers",
"Created a standardized Java code review assessment for hiring security engineers",
"Created a standardized threat modeling assessment template for hiring security engineers",
"Mentored junior team members and software engineers interested in software security",
"Participated as a member of the Connectivity Standards Alliance to further develop the Matter Threat Model as well as to provide security reviews of new features in the Matter SDK."
]
},
{
"name": "Nike, Inc.",
"position": "Expert Application Security Engineer",
"website": "https://www.nike.com",
"startDate": "2018-08-01",
"summary": "In order to scale security education for application creators around the world I created the Code Doctor program encompassing instructor led courses, self-service informal learning content in the form of a weekly application security video podcast, and a hands-on laboratory experience fixing security defects in a gamified environment, all scaled and delivered to thousands of application creators worldwide.",
"highlights": [
"Created a training program for developers to introduce fundamentals of secure coding delivered in-person to over 1,000 developers worldwide.",
"Host and producer of an internal podcast with 62 episodes at current publishing deep technical application security content to effectively scale delivery of security remediation and architecture best practices to a global audience.",
"Threat modeling, remediation guidance, consulting and architecture review.",
"Deployed a hands-on, gamified platform for security defect remediation education."
]
},
{
"name": "Nike, Inc.",
"position": "Cyber Security Incident Coordinator",
"website": "https://www.nike.com",
"startDate": "2018-04-11",
"summary": "Cyber incident investigation, containment, and remediation.",
"highlights": [
"I am unable to disclose any highlights of this role as they are confidential."
]
},
{
"name": "SourceClear",
"position": "Developer Evangelist",
"website": "https://www.sourceclear.com",
"startDate": "2017-11-05",
"endDate": "2018-03-09",
"summary": "SourceClear was a leading Software Composition Analysis platform. They were purchased by Veracode in April of 2018.",
"highlights": [
"Engage the InfoSec community through attendance and networking at developer and security meetups.",
"Created the DevSecOpsLife YouTube channel, interviewing experts in AppSec and discussing solutions to the challenges we face.",
"Develop security tooling and engaging content around solving software security problems.",
"Publish content related to software security (see publications below)."
]
},
{
"name": "Cambia Health Solutions",
"position": "Application Security Architect",
"website": "https://www.cambiahealth.com",
"startDate": "2016-05-13",
"endDate": "2017-11-02",
"summary": "Cambia Health Solutions is a group of more than 25 health care companies and includes software and mobile applications, health insurance, non-traditional health care marketplaces and delivery models, pharmacy benefit management, wellness solutions and more. I was brought on to bootstrap an Application Security program, introducing automated analysis built into the software development pipeline, training programs to turn developers into secure code champions, and policies & procedures to tie it all together, all in months rather than years.",
"highlights": [
"When I started at Cambia there was no formal AppSec program. Security engineers would run ad hoc SAST/DAST scans when requested but otherwise no process for continuous security. I pioneered the implementation of DevSecOps with SAST, DAST, and SCA in pipeline and by the end of my tenure had 88% of teams doing continuous security as part of CI/CD bringing average scan frequency across all apps to 7.6 scans per month.",
"Set up the company's first ever Capture the Flag event, demonstrating attack techniques to developers using BurpSuite, Postman, and NMAP to attack the OWASP Juice Shop.",
"Created a Secure Code Champions program to teach software developers, managers, and architects elements of a comprehensive application security program.",
"Spoke at 5 conferences/events since I started on topics from 'AppSec Zero to Hero' - how to create a program, launch it, and keep it running; to 'What's hiding in your app?' - a review of the open source dangers lurking in today's applications.",
"Conducted regular penetration tests of web applications across the enterprise using BurpSuite, Postman, & NMAP scripts to verify mitigation of results from Veracode scans, third-party pentests, as well as known vulnerabilities from open source findings."
]
},
{
"name": "Veracode, Inc.",
"position": "Solutions Architect",
"website": "https://www.veracode.com",
"startDate": "2015-11-16",
"endDate": "2016-04-16",
"summary": "Veracode is a leader in the Gartner Magic Quadrant for Application Security testing. In my time there I worked with America's biggest brands identifying risk in the SDLC and helping them design solutions that empower development teams to innovate quickly while identifying vulnerabilities and mitigating risk early.",
"highlights": [
"Designed a solution to empower over 100 application teams at Sabre, Inc. to test software at the earliest stages of each Agile sprint, mitigating risk while it's still cost effective to fix it. Closed the largest freshman deal in Veracode history, a multi-year agreement nearly $1M in total revenue.",
"Coached the global Solution Architecture team on ways to engage earlier with software development groups vs. the typical route through information security, creating security champions during the design phase of projects."
]
},
{
"name": "Hewlett Packard, Inc.",
"position": "Marketing Solutions Architect",
"website": "https://www.hp.com",
"startDate": "2014-05-01",
"endDate": "2015-11-16",
"summary": "HP Software is a leader in the Gartner Magic Quadrant for Enterprise Content Management systems, digital personalization, and media asset management. My role was helping customers understand how to integrate digital solutions to automate their existing workflows, give marketing groups an understanding of customer sentiment, and empower content authors to deliver dynamic and personalized content, to the right person, at the right time.",
"highlights": [
"Spearheaded a large-scale integration effort for FOX Entertainment, Inc., bringing together social media sentiment, targeted social media marketing, and media asset management built to scale for all of FOX's movie, television, and archive brands.",
"Successfully designed and kicked off a $7.2M engagement with Hilton Hotels Worldwide, integrating web content personalization, customer relationship management, upsell/cross-sell, and dynamic content.",
"Drove revenue generation to over 110% of plan 2 years in a row."
]
},
{
"name": "U.S. Bancorp",
"position": "Development & Operations Manager, Wholesale Banking",
"website": "https://www.usbank.com",
"startDate": "2013-05-01",
"endDate": "2014-04-30",
"summary": "US Bank is the national leader in wholesale lockbox processing. The platform I oversaw processed over $3.2 Billion per month in check and credit card payments for wholesale customers with 24x7 shift overlay in 9 operations centers across the United States. When I overtook the leadership role of this group they had no actionable disaster recovery plan, poor cross-functional collaboration, and a reputation within the company of not caring about the customer. I oversaw a successful transformation across all of these areas making the group into a respected and high performing asset to the company.",
"highlights": [
"Built DR platforms and recovery strategies from the ground up, successfully demonstrating 100% recovery within 6 months of owning the team.",
"Went from unstable platform with no recovery plan to 99.999% (5 nines) availability within the first 6 months.",
"Implemented first ever security audit, assuring compliance with PCI, SOX, and all regulatory standards within 9 months.",
"Implemented Agile development methodologies, streamlined development processes, and improved time to delivery, code quality, and code reuse. Time to deliver customizations per customer went from 4 months on average to about 2 weeks with 50% fewer defects.",
"Created team training, engagement, and collaboration strategies earning the team respect and trust."
]
},
{
"name": "U.S. Bancorp",
"position": "Enterprise Content Solutions Architect",
"website": "https://www.usbank.com",
"startDate": "2007-11-17",
"endDate": "2013-04-30",
"summary": "The Enterprise Content Management group at US Bank maintains a platform and development for over 300 web properties across the banking enterprise. The platform supports the creation and delivery of content for 1000+ users on a 24x7 zero latency delivery schedule allowing the business to drive content marketing change and configuration management at the speed of business. Before I joined, the team had developers manually deploying their own code to production, maintaining their own databases, and certifying their own code.",
"highlights": [
"Created an administration and recovery team to certify all builds prior to deployment, maintain the platform, and ensure segregation of duties.",
"Built self-serve and automated configuration management processes for developers to implement changes ensuring accuracy and instant automated rollback in case of error.",
"Spearheaded and completed the successful migration off end-of-life software versions running on physical devices to modern versions on scalable virtual machines.",
"Documented all new administration processes, recovery plans, and hired and trained staff to maintain platforms for this newly created team managing administration and training for this enterprise platform."
]
},
{
"name": "Earthbound Media Group",
"position": "VP, Director of Engineering",
"website": "https://www.facebook.com/earthboundmediagroup/",
"startDate": "2006-12-01",
"endDate": "2007-11-01",
"summary": "Prior to when I joined, Earthbound was a boutique marketing and design firm focused largely on one client in the Southern California Higher Education space. I helped transform Earthbound into a digital media solution provider with new business in entertainment, retail, and higher ed.",
"highlights": [
"Built a strong team starting with 1 Jr. web designer to over 10 seasoned web, application, and multimedia engineering professionals.",
"Drove project execution and business development for engineering engagements bringing in over $1.4 Million dollars in the year I was there."
]
},
{
"name": "Miletwo, Inc.",
"position": "Owner, Principal Solutions Architect",
"website": "www.miletwo.net",
"startDate": "2005-01-01",
"endDate": "2006-12-01",
"summary": "After starting my career in software development I quickly became a highly sought after architect of web content management solutions for some of the world's biggest brands such as:",
"highlights": [
"Qualcomm, Inc. - Converted outdated and home grown legacy content management solution to Interwoven TeamSite, an enterprise solution. Created a team to convert all legacy content onto the new platform and built templating and workflow solutions to allow the team at Qualcomm to maintain going forward.",
"DOW Chemical - Oversaw a complete site conversion of over 5,000 pages of content in under 3 months.",
"Northrop Grumman - Built a new content management system from the ground up, trained a team of content editors, and launched the site for a classified aerospace project near Washington, DC."
]
},
{
"name": "Previous Experience",
"position": "",
"website": "",
"startDate": "1996-01-01",
"endDate": "2005-01-01",
"summary": "In the years prior to owning my business I also held the following roles:",
"highlights": [
"Sr. Application Engineer, TeamSite - AmerisourceBergen Corporation, 2000-2005",
"Sr. Art Director, Human Factors - US Interactive, 1998-2000",
"User Interface Designer - GDI (Garg Data International), 1996-1998"
]
}
],
"volunteer": [],
"education": [{
"institution": "Platt College of Art",
"area": "Graphic Design",
"studyType": "",
"courses": [
"major: Graphic Design",
"minor: Fine Art"
]
}
],
"publications": [{
"name": "Three Easy Steps to DevSecOps",
"publisher": "www.veracode.com",
"releaseDate": "2018-01-09",
"website": "https://www.veracode.com/blog/secure-development/three-easy-steps-devsecops",
"summary": "There’s a lot being discussed these days about secure DevOps. What does it mean to do continuous integration and deployment in a secure way? Is it about securing the pipeline itself? Or, is there more to it than that? I have your back. There are just three basic steps to DevSecOps..."
},
{
"name": "What's in your Crypto Currency Wallet?",
"publisher": "www.veracode.com",
"releaseDate": "2017-12-19",
"website": "https://www.veracode.com/blog/security-news/whats-your-crypto-currency-wallet",
"summary": "Given all of the hoopla about digital currencies these days, I decided to do a little digging into the relative security of cryptocurrency related open source projects..."
}
],
"awards": [
{
"title": "Oh SNAP! There's Crap In Your App",
"awarder": "RSA Conference, 2018",
"summary": "Today’s developers download awesome libraries for their favorite language to do almost anything. We scan our code for flaws with static analysis tools, but what about all the stuff we didn’t write? Learn how to find and track the crap in your app, and how to avoid getting pwned because you let a nasty in the back door with that library that does the really cool thing you couldn’t live without."
},
{
"title": "Securing Your Code from Zero to Hero",
"awarder": "Jenkins World, 2017",
"summary": "With a shift to the cloud, our software needed to be bullet-proof against security defects in a fast-paced DevOps model. The problem: how to build in security along the entire pipeline, keep developers focused on writing great code, and do it all with speed and at scale."
},
{
"title": "Application security: From zero to hero",
"awarder": "O'Reilly Open Source Convention, 2017",
"summary": "Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late."
},
{
"title": "Application security: From zero to hero",
"awarder": "NH ISAC, 2016",
"summary": "Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late."
}
],
"certificates": [{
"name": "CSSLP",
"issuer": "ISC2",
"url": "https://www.credly.com/badges/24188c58-46b0-40a7-8df1-9b883fee233e"
},
{
"name": "GWAPT (expired)",
"issuer": "GIAC",
"url": "https://www.credly.com/badges/df6d5c2c-c8ae-452e-8c97-386e80d4a159"
}],
"projects": [{
"name": "OWASP Logging Vocabulary - Author",
"description": "A standardized logging vocabulary for the implementation of Attack Driven Logging. The use of standardized logging allows for consistent monitoring and alerting and assures that all needed information is included in the logs including log level (debug, info, warn, critical), time (UTC with +Z), and other pertinent information for incident response.",
"url": "https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Logging_Vocabulary_Cheat_Sheet.md"
},{
"name": "OWASP Secrets Management Cheat Sheet - Contributor",
"description": "I wrote the sections related to detection and incident response in this recently released cheat sheet for the proper handling of secrets",
"url": "https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Secrets_Management_CheatSheet.md"
}],
"interests": [{
"name": "Ultralight backpacking, cooking, cocktail mixology, and hacking all.the.things"
}]
}